Posted by Geraldine Hunt on Mon, Feb 16th, 2015
Carbanak cybergang steals $1bn from 100 financial institutions worldwide in the world's biggest bank cyberattack. The starting point of this attack was spear phishing emails sent to employees. With phishing emails in 2014 up 3X on the previous year (Kaspersky report), spear-phishing isn't going away. More than 100 financial institutions in 30 countries have been affected in this targeted attack, reported to be the world's biggest cyberheist. Kaspersky told the Times "This is likely the most sophisticated attack the world has seen to date in terms of the tactics and methods that cybercriminals have used to remain covert."
Kaspersky Lab, INTERPOL, Europol combine efforts to uncover the criminal plot.
Kaspersky Lab, INTERPOL, Europol and authorities from different countries have combined efforts to uncover the criminal plot behind an unprecedented cyberrobbery. According to Kaspersky (one of the anti-virus components in SpamTitan), up to one billion US dollars was stolen over two years from various financial institutions worldwide.
The cybercriminals, called the Carbanak gang, are believed to come from Russia, Ukraine and other parts of Europe, as well as from China. This cyberheist brings cybercriminal activity to a new level, where criminals steal money directly from banks and avoid targeting end users.
According to Kaspersky Lab data, ‘the Carbanak targets included financial organizations in Russia, USA, Germany, China, Ukraine, Canada, Hong Kong, Taiwan, Romania, France, Spain, Norway, India, the UK, Poland, Pakistan, Nepal, Morocco, Iceland, Ireland, Czech Republic, Switzerland, Brazil, Bulgaria, and Australia’. It is reported that these attacks remain active.
Rigorous security training for all employees is critical.
The starting point of this attack doesn’t seem highly sophisticated. So is it time organisations got back to basics? The cybercriminals’ starting point was a spear phishing email. This allowed them to enter an employee’s PC, infecting the network with Carbanak malware.
According to Kaspersky ‘they were then able to jump into the internal network and track down administrators’ computers for video surveillance. This allowed them to see and record everything that happened on the screens of staff who serviced the cash transfer systems. In this way the fraudsters got to know every last detail of the bank clerks’ work and were able to mimic staff activity in order to transfer money and cash out.’
Even if its software is unique, a bank cannot get complacent.
“These bank heists were surprising because it made no difference to the criminals what software the banks were using. So, even if its software is unique, a bank cannot get complacent. The attackers didn’t even need to hack into the banks’ services: once they got into the network, they learned how to hide their malicious plot behind legitimate actions. It was a very slick and professional cyber-robbery,” said Sergey Golovanov, Principal Security Researcher at Kaspersky Lab’s Global Research and Analysis Team.
"These attacks again underline the fact that criminals will exploit any vulnerability in any system. It also highlights the fact that no sector can consider itself immune to attack and must constantly address their security procedures. Identifying new trends in cybercrime is one of the key areas where INTERPOL works with Kaspersky Lab in order to help both the public and private sectors better protect themselves from these evolving threats," said Sanjay Virmani, Director of the INTERPOL Digital Crime Centre.
Attackers are persistent, they meticulously research their victims.
We (businesses and consumers) need to look after our own security procedures and ensure as many of these phishing emails as possible are blocked before they even reach the end user. Attackers are persistent, whether they’re trying to trick employees into clicking a bad URL or downloading a malicious plug-in. They meticulously research their victims and work hard to ensure that their story is believed. We need to consider our use of social media: what information is out there that could give criminals an edge in getting you to believe their email is authentic, so that you unwittingly click on that link? Rigorous security training for all employees – not just the IT team – is absolutely critical. Only with employee training and strong security solutions can companies hope to ensure their employees and employee information don’t become a weapon for the bad guys.
Security is best done with a layered approach.
No product is going to secure your network. Something will always get through. Granted, security is best done with a layered approach, but user education is vital.
Those layers include (but are not limited to):
- Spam filtering – Ideally with AV built in; SpamTitan includes double AV of Kaspersky and Clam
- A/V at the firewall
- A/V at the email gateway
- A/V at the desktop/server
- Following best practices for good password management and regular changing of passwords
- No open shares or other network services
- Most important of all, monitoring all accounts, network activity, groups, etc.
If your users are not trained, you will get compromised. How do you handle spear-phishing threats in your organisation?